Warning: This description has not been changed for more than a year. It may be outdated!

Iptables initialization script

On Ubuntu, installing the iptables package does not create an init script, so the rules loaded at boot are whatever the kernel starts with (nothing). The script below has to be created by hand and its invocation at boot configured manually.

  1. Create the init script:
    sudo touch /etc/init.d/iptables
    sudo chmod 755 /etc/init.d/iptables
  2. sudo gedit /etc/init.d/iptables
    and put the following content into it:
    #!/bin/sh
    # see: http://ubuntuforums.org/showthread.php?t=19106
    # This is a Ubuntu-adapted iptables script from Gentoo
    # (http://www.gentoo.org) which was originally distributed
    # under the terms of the GNU General Public License v2
    # and was Copyrighted 1999-2004 by the Gentoo Foundation
    #
    # This adapted version was intended for an ad-hoc personal
    # situation and as such no warranty is provided.

    # File the ruleset is saved to and restored from (iptables-save format).
    # iptables-restore runs as root, so this file must only be writable by root.
    IPTABLES_SAVE="/etc/default/iptables-rules"
    # -c: save and restore the per-rule packet/byte counters as well.
    SAVE_RESTORE_OPTIONS="-c"
    # "yes": on "stop", overwrite the saved file with the running ruleset first.
    SAVE_ON_STOP="yes"

    checkrules() {
        if [ ! -f "${IPTABLES_SAVE}" ]; then
            echo "Not starting iptables. First create some rules then run"
            echo "\"/etc/init.d/iptables save\""
            return 1
        fi
    }

    save() {
        echo "Saving iptables state"
        /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > "${IPTABLES_SAVE}"
    }

    start() {
        checkrules || return 1
        echo "Loading iptables state and starting firewall"
        echo -n "Restoring iptables ruleset"
        # Enable forwarding (if necessary). Note that this turns on IPv4
        # forwarding unconditionally; remove the line on a host that is not
        # meant to route packets between interfaces.
        echo 1 > /proc/sys/net/ipv4/ip_forward
        start-stop-daemon --start --quiet --exec /sbin/iptables-restore -- \
            ${SAVE_RESTORE_OPTIONS} < "${IPTABLES_SAVE}"
    }

    case "$1" in
      save)
        save
        echo "."
        ;;
      start)
        start
        echo "."
        ;;
      stop)
        if [ "${SAVE_ON_STOP}" = "yes" ]; then
            save || exit 1
        fi
        echo -n "Stopping firewall"
        # Flush and delete every chain in every loaded table and reset the
        # built-in chains to ACCEPT: after "stop" the host is unfiltered.
        for a in `cat /proc/net/ip_tables_names`; do
            /sbin/iptables -F -t $a
            /sbin/iptables -X -t $a
            # /bin/sh (dash) does not accept "==" in test; use "=".
            if [ "$a" = nat ]; then
                /sbin/iptables -t nat -P PREROUTING ACCEPT
                /sbin/iptables -t nat -P POSTROUTING ACCEPT
                /sbin/iptables -t nat -P OUTPUT ACCEPT
            elif [ "$a" = mangle ]; then
                /sbin/iptables -t mangle -P PREROUTING ACCEPT
                /sbin/iptables -t mangle -P INPUT ACCEPT
                /sbin/iptables -t mangle -P FORWARD ACCEPT
                /sbin/iptables -t mangle -P OUTPUT ACCEPT
                /sbin/iptables -t mangle -P POSTROUTING ACCEPT
            elif [ "$a" = filter ]; then
                /sbin/iptables -t filter -P INPUT ACCEPT
                /sbin/iptables -t filter -P FORWARD ACCEPT
                /sbin/iptables -t filter -P OUTPUT ACCEPT
            fi
        done
        # iptables is not a daemon, so this is effectively a no-op kept from
        # the original script.
        start-stop-daemon --stop --quiet --pidfile /var/run/iptables.pid --exec /sbin/iptables
        echo "."
        ;;
      restart)
        echo -n "Flushing firewall"
        for a in `cat /proc/net/ip_tables_names`; do
            /sbin/iptables -F -t $a
            /sbin/iptables -X -t $a
        done
        start
        echo "."
        ;;
      *)
        echo "Usage: /etc/init.d/iptables {start|stop|restart|save}" >&2
        exit 1
        ;;
    esac

    exit 0
  3. Register the init script so it runs at boot (start in runlevel S at priority 37, before the network is brought up, and stop in runlevel 0):
    sudo update-rc.d iptables start 37 S . stop 37 0 .
  4. Save the current rules (this writes the running ruleset to /etc/default/iptables-rules, so build the rules with iptables commands first):
    /etc/init.d/iptables save
  5. Restart iptables (flushes the running rules and reloads the saved file):
    /etc/init.d/iptables restart
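Because the saved file is fed to iptables-restore as root at every boot, anyone who can write it can rewrite the firewall, and a truncated or hand-edited file makes iptables-restore fail and leaves the host with whatever the kernel had (i.e. unfiltered). The following is an added example, not part of the original page or the Gentoo/Ubuntu script above: it writes a constructed default-deny ruleset in iptables-save format to a path of your choosing and checks such a file for unsafe permissions and for the `*table` ... `COMMIT` structure iptables-restore expects. It assumes a POSIX shell with `find` and `awk`; the function names and the sample rules are the example's own.

```shell
#!/bin/sh
# Added example: write and sanity-check an iptables-save format rules file.

# Write a constructed minimal default-deny ruleset to the given path.
# (Loopback, established/related, SSH and ICMP are allowed in; all else dropped.)
write_example_ruleset() {
    cat > "$1" <<'EOF'
# Constructed sample ruleset (iptables-save format)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
    # Only root needs to read it; never leave it group- or world-writable.
    chmod 600 "$1"
}

# Return 0 if the file exists, is not writable by group/others, and every
# table block opened with "*name" is closed by "COMMIT" using only line
# types iptables-restore understands; otherwise print why and return 1.
check_ruleset() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "check_ruleset: $f does not exist" >&2
        return 1
    fi
    # iptables-restore runs as root at boot: a writable rules file is a
    # root-level firewall rewrite for whoever can write it.
    for bits in 020 002; do
        if [ -n "$(find "$f" -perm -"$bits" -print)" ]; then
            echo "check_ruleset: $f is writable by group/others (mode bits $bits)" >&2
            return 1
        fi
    done
    # Structural check. Accepted lines: "*table", ":CHAIN POLICY [p:b]",
    # "-A ..." rules, "[p:b] -A ..." rules (from iptables-save -c),
    # "COMMIT", comments and blank lines. Every "*table" needs a COMMIT.
    awk '
        /^\*/                  { if (open) bad = 1; open = 1; tables++; next }
        /^COMMIT[ \t]*$/       { if (!open) bad = 1; open = 0; next }
        /^#/ || /^[ \t]*$/     { next }
        /^:/ || /^-/ || /^\[/  { if (!open) bad = 1; next }
                               { bad = 1 }
        END { if (bad || open || tables == 0) exit 1 }
    ' "$f" || {
        echo "check_ruleset: $f is not a well-formed iptables-save file" >&2
        return 1
    }
    return 0
}

# Usage: sh check-rules.sh /etc/default/iptables-rules
if [ "$#" -gt 0 ]; then
    check_ruleset "$1" && echo "$1: OK"
fi
```

Run the check before `/etc/init.d/iptables restart`, or add a call to it inside `checkrules()` in the init script, so a broken or tampered file is reported instead of silently restoring nothing. On a host where iptables is installed, `iptables-restore --test < /etc/default/iptables-rules` additionally parses the rules with the real tool without committing them.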

Created by Valdis Vītoliņš on 2008/08/09 16:31
Last modified by Valdis Vītoliņš on 2009/12/20 20:23

Creative Commons Attribution 3.0 Unported License